TZUTC: -0500
MSGID: 1528.consprcy@1:2320/105 2d39384f
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
 [Well, that's just great.]

ChatGPT can now beat CAPTCHA checks, so get ready for fake posts everywhere

Date:
Tue, 23 Sep 2025 14:29:18 +0000

Description:
Researchers have managed to trick ChatGPT into solving CAPTCHAs in Agent 
mode, which could mean a deluge of fake posts is about to arrive.

FULL STORY

In a move that has the potential to change the way the Internet looks going
forward, researchers have shown that its possible to trick ChatGPT Agent mode
into solving CAPTCHA puzzles. 

CAPTCHA stands for "Completely Automated Public Turing Test to tell Computers
and Humans Apart and is one way of managing bot activity on the web, stopping
bots from posting on the websites we use every day. 

Most people who use the web are familiar with CAPTCHA puzzles and have a love
/ hate relationship with them. I know I do. They usually involve writing out 
a sequence of letters or numbers that are barely readable in a picture (my
least favorite type), arranging tiles in an image grid to complete an image,
or identify objects. 

On the one hand, websites use them to make sure that all their users are
human, so it stops spam posts from bots, but on the other they can be a real
pain because theyre so tedious to complete. Reframing the problem 

CAPTCHAs have never been foolproof, but theyve done a pretty good job so far
of keeping bots out of our message boards and comments sections. Until now,
that is. Researchers at SPLX have managed to work out how to fool ChatGPT 
into passing a CAPTCHA test using a technique called "prompt injection". 

I'm not talking about ChatGPT just looking at a picture of a CAPTCHA and
telling you what the answer should be (it will do that without a problem), 
but ChatGPT in Agent mode actually using the website, passing the CAPTCHA 
test and using the website as intended as if it were a human, which is
something it shouldnt be able to do. 

ChatGPT working in Agent mode isn't like regular ChatGPT. In Agent mode, you
give ChatGPT a task to complete and it goes away and works on that task in 
the background, leaving you free to perform other tasks. ChatGPT in Agent 
mode can use websites like a human would, but it still shouldn't be able to
pass a CAPTCHA test, since those tests are designed to detect bots and stop
them using websites, which would invalidate their terms of service. It now
appears that by tricking ChatGPT into believing that the tests are fake, it
will pass them anyway.

Serious implications

The researchers did it by reframing CAPTCHA as a fake test to ChatGPT, and
created a conversation where ChatGPT had already agreed to pass the test. The
ChatGPT Agent inherited the context from earlier in the conversation and 
didnt see the usual red flags. 

This multi-turn prompt injection process is well known to hackers and shows
how susceptible LLMs are to it. While the researchers found that image-based
CAPTCHA tests were harder for ChatGPT to manage, it did pass those, too. 

The implications are quite serious since ChatGPT is so widely available that
in the wrong hands, spammers and bad actors could soon be flooding comments
sections with fake posts and even using websites that are reserved for humans.

======================================================================
Link to news story:
https://www.techradar.com/ai-platforms-assistants/chatgpt/chatgpt-can-now-beat
-captcha-checks-so-get-ready-for-fake-posts-everywhere

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426